augmenting stack overflow with api usage patterns mined
play

Augmenting Stack Overflow with API Usage Patterns Mined from GitHub - PowerPoint PPT Presentation

Aug 15, 2022 •460 likes •821 views

Augmenting Stack Overflow with API Usage Patterns Mined from GitHub Anastasia Reinhart 1,2 * Tianyi Zhang 1 Mihir Marthur 1 Miryung Kim 1 1 University of California, Los Angeles 2 George Fox University * Work done as a research intern at UCLA. 1

  1. Augmenting Stack Overflow with API Usage Patterns Mined from GitHub Anastasia Reinhart 1,2 * Tianyi Zhang 1 Mihir Marthur 1 Miryung Kim 1 1 University of California, Los Angeles 2 George Fox University * Work done as a research intern at UCLA. 1

  2. Using APIs properly is becoming a key challenge Android SDK e.g., JDK APIs 2

  3. The Status Quo of Learning APIs Developers often search online for code examples to learn APIs [Sadowski et al. 2016] 3

  4. The Limitation of Online Code Examples • Programmers can only inspect a handful of search results. [Brandt et al., 2009, Starke et al., 2009, Duala-Ekoko and Robillard, 2012] • Individual code examples may suffer from – insecure coding practices [Fischer et al., 2017] – unchecked obsolete usage [Zhou and Walker, 2016] – low readability [Treude and Robillard, 2017] 4

  5. The Limitation of Online Code Examples • Programmers can only inspect a handful of search results. [Brandt et al., 2009, Starke et al., 2009, Duala-Ekoko and Robillard, 2012] A recent study shows that 31% of SO posts have potential API • Individual code examples may suffer from usage violations. – insecure coding practices [Fischer et al., 2017] – unchecked obsolete usage [Zhou and Walker, 2016] Zhang et al., Are Online Code Examples Reliable? A Study of API Misuse on – low readability [Treude and Robillard, 2017] Stack Overflow, ICSE 2018 Dataset: http://web.cs.ucla.edu/~tianyi.zhang/examplecheck.html 5

  6. Missing If Checks https://stackoverflow.com/questions/21983867 6

  7. Missing If Checks This example throws NoSuchElementException. You should not call firstKey on an empty TreeMap. 7

  8. Missing API Calls https://stackoverflow.com/questions/12100651 8

  9. Missing API Calls This example throws BufferUnderflowException. You must call ByteBuffer.flip() to reset the internal buffer. https://stackoverflow.com/questions/12100651 9

  10. ExampleCheck: Augmenting Stack Overflow with API Usage Patterns Mined from GitHub 10

  11. Now available at Chrome Web Store! 11

  12. ExampleCheck Workflow ExampleCheck Server Web Browser Stack Overflow Code ... API usage mining Extraction API misuse <code> on GitHub … (offline) </code> Pop up … API Misuse Detection Generation 12

  13. API Usage Mining from GitHub [ICSE 2018] 2 1 Frequent Code Program Call Sequence Sequence Mining Search Slicing Extraction 3 API usage 380K Java Repositories on GitHub Structured API SMT-based Guard patterns call sequences Condition Mining 13

  14. Insight 1: Mining a Large Code Corpus • Our code corpus includes 380K GitHub projects with at least 100 revisions and 2 contributors. 2 1 Frequent Code Program Call Sequence Sequence Mining Search Slicing Extraction API usage 3 380K Java Repositories on GitHub Structured API SMT-based Guard patterns call sequences Condition Mining Dyer et al. Boa: A language and infrastructure for analyzing ultra-large-scale software repositories. ICSE 2013. 14

  15. Insight 2: Removing Irrelevant Statements via Program Slicing • We perform backward and forward slicing to identify data- and control-dependent statements to an API method of interest. 2 1 Frequent Code Program Call Sequence Sequence Mining Search Slicing Extraction API usage 3 380K Java Repositories on GitHub Structured API SMT-based Guard patterns call sequences Condition Mining 15

  16. void initInterfaceProperties(String temp, File dDir) { if(!temp.equals("props.txt")) { GitHub example of log.error("Wrong Template."); return; File.createNewFile } // load default properties FileInputStream in = new FileInputStream(temp); Properties prop = new Properties(); prop.load(in); ... init properties ... // write to the property file String fPath=dDir.getAbsolutePath()+"/interface.prop"; File file = new File(fPath); if(!file.exists()) { The focal file.createNewFile(); API method } FileOutputStream out = new FileOutputStream(file); prop.store(out, null); in.close(); 16 }

  17. void initInterfaceProperties(String temp, File dDir) { if(!temp.equals("props.txt")) { Data dependency up to one log.error("Wrong Template."); hop, i.e., direct dependency return; } // load default properties FileInputStream in = new FileInputStream(temp); Properties prop = new Properties(); prop.load(in); ... init properties ... // write to the property file String fPath=dDir.getAbsolutePath()+"/interface.prop"; control File file = new File(fPath); if(! file .exists()) { The focal data file .createNewFile(); API method } FileOutputStream out = new FileOutputStream( file ); prop.store(out, null); in.close(); 17 }

  18. Insight 3: Capture the Semantics of API Usage • It is important to capture the temporal ordering, enclosing control structures, and appropriate guard conditions of API calls. 2 1 Frequent Code Program Call Sequence Sequence Mining Search Slicing Extraction 3 API usage 380K Java Repositories on GitHub Structured API SMT-based Guard patterns call sequences Condition Mining 18

  19. Insight 3: Capture the Semantics of API Usage Grammar of Structured Call Sequences new File (String); try {; new FileInputStream(File)@arg0.exists(); } catch (IOException) {; } 19

  20. Insight 3: Capture the Semantics of API Usage Grammar of Structured Call Sequences new File (String); try {; new FileInputStream(File)@arg0.exists(); } catch (IOException) {; } 20

  21. Insight 3: Capture the Semantics of API Usage Grammar of Structured Call Sequences new File (String); try {; new FileInputStream(File)@arg0.exists(); } catch (IOException) {; } 21

  22. Insight 3: Capture the Semantics of API Usage Grammar of Structured Call Sequences new File (String); try {; new FileInputStream(File)@arg0.exists(); } catch (IOException) {; } 22

  23. Insight 4: SMT-based Guard Condition Mining • GitHub developers may write the same predicate in different ways. 2 1 Frequent Code Program Call Sequence Sequence Mining Search Slicing Extraction 3 380K Java Repositories on GitHub Structured API SMT-based Guard call sequences Condition Mining 23

  24. Insight 4: SMT-based Guard Condition Mining • We group guard conditions based on their logic equivalence. • We use Z3 to prove the logic equivalence of guard conditions. • p ⇔ q is valid iff. ¬((¬p ∨ q) ∧ (p ∨ ¬q)) is UNSAT. Two equivalent but syntactically different guard conditions for substring(int): arg0>=0 && arg0<=rcv.length() ⇔ arg0>-1 && arg0<rcv.length()+1 24

  25. API Misuse Detection • Contrast SO code snippets with mined API usage patterns automatically. Temporal query Ordering Check Call Sequence Java Patterns Extraction Guard Condition pattern(s) Check Stack Overflow Structured API snippets call sequences API usage violations 25

  26. Extract Structured Call Sequence JsonObject obj = root.getAsJsonObject(); JsonElement match_number = obj.get("match_number"); ... System.out.println( match_number.getAsString()); SO code example [Post 29860000] 26

  27. Extract Structured Call Sequence JsonObject obj = root.getAsJsonObject(); getAsJsonObject()@true; JsonElement match_number = extract get(String)@true; obj.get("match_number"); ... ... getAsString()@true; System.out.println( match_number.getAsString()); println(String)@true Structured Call Sequence SO code example [Post 29860000] 27

  28. Extract Structured Call Sequence JsonObject obj = root.getAsJsonObject(); getAsJsonObject()@true; JsonElement match_number = extract get(String)@true; obj.get("match_number"); ... ... getAsString()@true; System.out.println( match_number.getAsString()); println(String)@true Structured Call Sequence SO code example [Post 29860000] 28

  29. API Usage Pattern for JsonElement.getAsString() getAsJsonObject()@true; try {; get(String)@true; getAsString() @rcv.isJsonPrimitive(); ... }; getAsString() @true; catch (Exception) {; println(String)@true }; Structured Call Sequence An API Usage Pattern of JsonElement.getAsString() 29

  30. Temporal Ordering Check getAsJsonObject()@true; try {; get(String)@true; getAsString () @rcv.isJsonPrimitive(); ... }; getAsString() @true; catch (Exception) {; println(String)@true }; Structured Call Sequence An API Usage Pattern of JsonElement.getAsString() missing a try-catch block! 30

  31. Guard Condition Check getAsJsonObject()@true; try {; get(String)@true; getAsString()@ rcv.isJsonPrimitive() ; ... }; getAsString()@ true ; catch (Exception) {; println(String)@true }; Structured Call Sequence An API Usage Pattern of JsonElement.getAsString() true ⇏ rcv.isJsonPrimitive() and thus incorrect guard condition! 31

  32. Evaluation Results [ICSE 2018] • 31% of 217K SO posts contain API usage violations. • 72% of sampled posts with violations may cause program crashes, resource leaks, etc. • Highly-voted posts are not necessarily more reliable in terms of correct API usage. 32

  33. Live Demo 33

  34. Summary • Alert users about potential API usage violations in Stack Overflow using patterns mined from 380K GitHub projects • Expand the scope of APIs beyond 100 Java and Android APIs • Automate the end-to-end pipeline of API usage mining to keep API usage patterns up-to-date Tool: https://chrome.google.com/webstore/detail/examplecheck/ amliempebckaiaklimcpopomlnklkioe Dataset: http://web.cs.ucla.edu/~tianyi.zhang/examplecheck.html 34

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Re-arquitetando o Re-arquitetando o Stack Overflow Stack Overflow ou como construmos o Stack

Re-arquitetando o Re-arquitetando o Stack Overflow Stack Overflow ou como construmos o Stack

Re-arquitetando o Re-arquitetando o Stack Overflow Stack Overflow ou como construmos o Stack Overflow for Teams Roberta Arcoverde 1 /whois /whois recifense programadora h 15 anos principal software developer na stack overflow

711 views • 52 slides
Evolution of Stack Overflow Discussions Using Sentimental Analysis on Comments in Stack Overflow

Evolution of Stack Overflow Discussions Using Sentimental Analysis on Comments in Stack Overflow

Evolution of Stack Overflow Discussions Using Sentimental Analysis on Comments in Stack Overflow Posts Presented by Norbert Eke and Saraj Manes Motivation SOTorrent 2018 : Reconstructing and Analyzing the Evolution of Stack Overflow

547 views • 17 slides
History of the Stack Overflow Buffer Overflow Understood

History of the Stack Overflow Buffer Overflow Understood

History of the Stack Overflow Buffer Overflow Understood as early as 1972 Computer Security Technology Planning Study Morris Worm First

1.07k views • 42 slides
Tutorial 5 Overflow Structures Call stack and stack frames 1 CS 136 Spring 2020

Tutorial 5 Overflow Structures Call stack and stack frames 1 CS 136 Spring 2020

Tutorial 5 Overflow Structures Call stack and stack frames 1 CS 136 Spring 2020 Tutorial 4 Overflow: Introduction Any variable in C takes up a certain amount of memory (bits). This limits the range of values that can be

369 views • 19 slides
How Developers Read and Comprehend Stack Overflow Questions for Tag Prediction Senior Capstone

How Developers Read and Comprehend Stack Overflow Questions for Tag Prediction Senior Capstone

How Developers Read and Comprehend Stack Overflow Questions for Tag Prediction Senior Capstone Project By: Ali Morris Objectives Determine what developers focus on when reading Stack Overflow questions to assign tags using eye-tracking

440 views • 26 slides
Stack Overflow Topic 15 Implementing and Using Stacks I l ti d U i St k &quot;stack n.

Stack Overflow Topic 15 Implementing and Using Stacks I l ti d U i St k &quot;stack n.

Stack Overflow Topic 15 Implementing and Using Stacks I l ti d U i St k &quot;stack n. The set of things a person has to do in the future. &quot;I haven't Th t f thi h t d i th f t &quot;I h 't done it yet because every time I

119 views • 8 slides
Buffer Overflow Attacks IA32 Linux Stack Higher Addresses Virtual Address Space Heap Data

Buffer Overflow Attacks IA32 Linux Stack Higher Addresses Virtual Address Space Heap Data

Buffer Overflow Attacks IA32 Linux Stack Higher Addresses Virtual Address Space Heap Data Text Lower Addresses Stack and Base Pointers Stack is made up of stack frames Stack frames contain: parameters, local variables, return

604 views • 45 slides
BECLoMA: Augmenting Stack Traces with User Review Information L. Pelloni, G. Grano, A.

BECLoMA: Augmenting Stack Traces with User Review Information L. Pelloni, G. Grano, A.

BECLoMA: Augmenting Stack Traces with User Review Information L. Pelloni, G. Grano, A. Ciurumelea, S. Panichella, F. Palomba, H. Gall SANER 2018, 20-23 March, Campobasso (Italy) grano@ifi.uzh.ch giograno90 149 billions of apps 12 millions

592 views • 18 slides
Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed

Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed

1 Buffer Overflows with Content 2 A Process Stack Buffer Overflow Common Techniques employed in buffer overflow exploits to create backdoors Execution of additional network services via the INETD daemon The addition of new users

497 views • 30 slides
T l Telecommunications i ti Usage Patterns and Usage Patterns and Satisfaction in Lebanon 3

T l Telecommunications i ti Usage Patterns and Usage Patterns and Satisfaction in Lebanon 3

T l Telecommunications i ti Usage Patterns and Usage Patterns and Satisfaction in Lebanon 3 December, 2008 Click to edit Master title style Click to edit Master title style Outline Outline Objective and Scope of the Project Key

208 views • 19 slides
Buffer Overflow Attack Outline Understanding of Stack Layout Vulnerable code

Buffer Overflow Attack Outline Understanding of Stack Layout Vulnerable code

Buffer Overflow Attack Outline Understanding of Stack Layout Vulnerable code Challenges in exploitation Shellcode Countermeasures Program Memory Stack a,b, ptr ptr points to the memory here y x Order of the function

368 views • 36 slides
DEFINE RESEARCH QUESTIONS Over 11 million users on Stack Overflow What is the

DEFINE RESEARCH QUESTIONS Over 11 million users on Stack Overflow What is the

Motivation Research Questions An empirical study on negative Methodology answers at Stack Overflow Experiment Result Threat of Validity Ethan Wang &amp; Sherry Zhu Future Work Conclusion DEFINE RESEARCH QUESTIONS Over 11 million

183 views • 5 slides
Chapter 10 Buffer Overflow Buffer Overflow Common attack mechanism first wide use by

Chapter 10 Buffer Overflow Buffer Overflow Common attack mechanism first wide use by

Chapter 10 Buffer Overflow Buffer Overflow Common attack mechanism first wide use by the Morris Worm in 1988 Prevention techniques known NX bit, stack canaries, ASLR Still of major concern Recent examples:

354 views • 21 slides
a single gadget weird machine Framing Signals a return to portable shellcode Erik Bosman and

a single gadget weird machine Framing Signals a return to portable shellcode Erik Bosman and

a single gadget weird machine Framing Signals a return to portable shellcode Erik Bosman and Herbert Bos stack buffer overflow stack return addr buffer sp 1 stack buffer overflow stack return addr buffer sp 1 stack buffer overflow

1.65k views • 89 slides
Optimization for marking and sweeping Optimization for marking Use a marking stack

Optimization for marking and sweeping Optimization for marking Use a marking stack

Optimization for marking and sweeping Optimization for marking Use a marking stack Iterative marking Minimize stack depth to avoid stack overflow Knuth: treat marking stark circularly Kurokawa: remove items from stack that have

612 views • 16 slides
Outline Memory safety and security CSci 4271W Stack buffer overflow Development of Secure

Outline Memory safety and security CSci 4271W Stack buffer overflow Development of Secure

Outline Memory safety and security CSci 4271W Stack buffer overflow Development of Secure Software Systems Day 2: Memory Safety Introduction Reversing the stack Stephen McCamant University of Minnesota, Computer Science &amp; Engineering

440 views • 4 slides
detection analysis Bradley J. Kavanagh University of Nottingham arXiv:1207.2039 with Anne M.

detection analysis Bradley J. Kavanagh University of Nottingham arXiv:1207.2039 with Anne M.

Improving dark matter direct detection analysis Bradley J. Kavanagh University of Nottingham arXiv:1207.2039 with Anne M. Green Speed dependence Speed dependence dR ~ ( ) v min dE R Speed dependence dR ~ ( ) v min dE

418 views • 38 slides
A Brief Introduction to Semantics CMSC 473/673 UMBC Outline Recap: dependency grammars and

A Brief Introduction to Semantics CMSC 473/673 UMBC Outline Recap: dependency grammars and

A Brief Introduction to Semantics CMSC 473/673 UMBC Outline Recap: dependency grammars and arc-standard dependency parsing Meaning from Syntax Structured Meaning: Semantic Frames and Roles What problem do they solve? Theory Computational

998 views • 83 slides
Mechanism Design with Unknown Correlated Distributions: Can We Learn Optimal Mechanisms? Michael

Mechanism Design with Unknown Correlated Distributions: Can We Learn Optimal Mechanisms? Michael

Mechanism Design with Unknown Correlated Distributions: Can We Learn Optimal Mechanisms? Michael Albert 1 , Vincent Conitzer 1 , Peter Stone 2 1 Duke University, 2 University of Texas at Austin May 10th, 2017 1 / 23 Introduction Background

744 views • 62 slides
Analysis of Code Heterogeneity for High-precision Classification of Repackaged Malware Gang Tan

Analysis of Code Heterogeneity for High-precision Classification of Repackaged Malware Gang Tan

MOBILE SECURITY TECHNOLOGIES 2016 Analysis of Code Heterogeneity for High-precision Classification of Repackaged Malware Gang Tan Ke Tian, Daphne Yao, Barbara Ryder Department of Computer Science Department of Computer Science Virginia

457 views • 24 slides
CS415: Systems programming Abdullah Alfarrarjeh Most of the slides in this lecture are either

CS415: Systems programming Abdullah Alfarrarjeh Most of the slides in this lecture are either

CS415: Systems programming Abdullah Alfarrarjeh Most of the slides in this lecture are either from or adapted from the slides provided by Dr. Ahmad Barghash A computer system Is a collection of hardware and software components that work

248 views • 24 slides
A Coinductive Monad for Prop -bounded Recursion Adam Megacz megacz@cs.berkeley.edu PLPV07

A Coinductive Monad for Prop -bounded Recursion Adam Megacz megacz@cs.berkeley.edu PLPV07

A Coinductive Monad for Prop -bounded Recursion Adam Megacz megacz@cs.berkeley.edu PLPV07 October 5th, 2007 Freiburg, Germany Entire Talk In One Slide Coqs type theory can directly represent side-effect free, obviously-terminating

970 views • 63 slides
Convolutional Neural Networks with Data Augmentation against Jitter-Based Countermeasures Eleonora

Convolutional Neural Networks with Data Augmentation against Jitter-Based Countermeasures Eleonora

Convolutional Neural Networks with Data Augmentation against Jitter-Based Countermeasures Convolutional Neural Networks with Data Augmentation against Jitter-Based Countermeasures Eleonora Cagli 1 , 3 ecile Dumas 1 C Emmanuel Prouff 2 , 3 1

1.28k views • 100 slides
CS137: Today Electronic Design Automation Multilevel Synthesis/Optimization Why

CS137: Today Electronic Design Automation Multilevel Synthesis/Optimization Why

CS137: Today Electronic Design Automation Multilevel Synthesis/Optimization Why Transforms -- defined Day 5: October 7, 2005 Division/extraction Multi-level Synthesis How we support transforms Boolean Division

358 views • 9 slides

More recommend